Click here to Skip to main content
Click here to Skip to main content
Go to top

Restricting application execution in Windows

, 23 Apr 2009
Rate this:
Please Sign up or sign in to vote.
How to lock up certain apps in Windows, or lock all up except the specified ones.

LockUp_Source

Introduction

The purpose of this article is to show you hot to restrict the execution of some applications and allow others in Windows XP.

Disclaimer

THE AUTHOR MAKES NO WARRANTIES ABOUT THE USAGE OF THIS ARTICLE OR ANY PARTS OF ITS CONTENTS AND ACCEPTS NO RESPONSIBILITY FOR ANY DATA LOSS OR OTHER SYSTEM TROUBLE THAT MAY OCCUR FROM THIS USAGE OF ANY CONTENTS OF THIS ARTICLE.

Background

I realize it may be a bit awkward to start the article with such a disclaimer, but you should be careful when it comes to playing around with the Registry.

This application manages a certain key that allows/disallows the execution of applications listed under those keys for the HKCU, which means, all the modifications are only applied to the currently logged user.

The Windows Registry is a database which stores settings and options for Microsoft Windows Operating Systems. It contains information and settings for hardware, Operating System software, most non-Operating System software, and per-user settings. The Registry also provides a window into the operation of the kernel, exposing runtime information such as performance counters and currently active hardware.

As the main purpose of this article is to handle certain keys within the Registry, I will only discuss relative code blocks. The following initiates three main keys:

strKeyExplorer = @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer";
strKeyRestrictRun = 
  @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun";
strKeyDisallowRun = 
  @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun";

keyExplorer = Registry.CurrentUser.OpenSubKey(strKeyExplorer, true);
keyRestrictRun = Registry.CurrentUser.CreateSubKey(strKeyRestrictRun, 
                          RegistryKeyPermissionCheck.ReadWriteSubTree);
keyDisallowRun = Registry.CurrentUser.CreateSubKey(strKeyDisallowRun, 
                          RegistryKeyPermissionCheck.ReadWriteSubTree);

The first key path stored in strKeyExplorer is used to open the Explorer key within the Registry which is the key where we set the main two values for the application. You are advised to open the Registry editor and navigate to the relative key path to notice the changes as they are made, as illustrated in the snapshot below:

Reg1.PNG

The main values that we are concerned about in this article are:

  • DisallowRun
  • RestrictRun

You can see there are two other keys branched from Explorer that hold the exact names of those values inside the key. The process is simply to enable either of the values inside the Explorer key by setting it to 1, or disable it by setting it to 0.

Note: when the two values are enabled, the DisallowRun takes control and overrides the RestrictRun value.

Going back to the two keys branched from Explorer, you can see the application names are simply listed under each key so when their equivalent value under Explorer are enabled, the listed applications under that key are simply Allowed/Disallowed!

Let's take a closer look and open the DisallowRun key and see what it contains:

Reg2.PNG

Using the code

An application is added to the list by the following function:

private void btnAdd_Click(object sender, EventArgs e)
{
    if (txtFileLocation.Text.Length > 0 && File.Exists(txtFileLocation.Text))
    {
        string[] splitted = txtFileLocation.Text.Split('\\');
        string strExists = Convert.ToString(keyRestrictRun.GetValue(
                                   txtFileLocation.Text,"None"));
        if (strExists == "None")
        {
            keyRestrictRun.SetValue(txtFileLocation.Text, splitted[splitted.Length - 1], 
                                    RegistryValueKind.String);
            keyDisallowRun.SetValue(txtFileLocation.Text, splitted[splitted.Length - 1], 
                                    RegistryValueKind.String);

        }
        else
            MessageBox.Show("File already in the list", 
                            "Duplicate application file", 
                            MessageBoxButtons.OK, MessageBoxIcon.Error);
        txtFileLocation.Text = String.Empty;
    }
    else
        MessageBox.Show("Please browse for a valid program file first.", 
                        "Invalid or incomplete file name", 
                        MessageBoxButtons.OK, MessageBoxIcon.Error);

    RefreshList();
    load_image_list();
}

And removed using the following:

private void btnRemove_Click(object sender, EventArgs e)
{
    if (listView1.SelectedIndices.Count > 0)
    {
        try
        {
            keyRestrictRun.DeleteValue(
              listView1.Items[listView1.SelectedIndices[0]].SubItems[1].Text);
            keyDisallowRun.DeleteValue(
              listView1.Items[listView1.SelectedIndices[0]].SubItems[1].Text);
            listView1.Items[listView1.SelectedIndices[0]].Remove();
        }
        catch (Exception) { }
    }

    RefreshReg();
    RefreshList();
    load_image_list();
}

Finally, and after adding the desired application to the keys, we need to set either to disable or enable those listed under both keys, using the following code:

private void RefreshReg()
{
    if (rdOnly.Checked)
    {
        keyExplorer.SetValue("RestrictRun", 0, RegistryValueKind.DWord);
        keyExplorer.SetValue("DisallowRun", 1, RegistryValueKind.DWord);

        try
        {
            keyRestrictRun.DeleteValue(strSrcFile);
        }
        catch (Exception) { }
    }
    else
    {
        keyExplorer.SetValue("RestrictRun", 1, RegistryValueKind.DWord);
        keyRestrictRun.SetValue(strSrcFile, assName, RegistryValueKind.String);

        keyExplorer.SetValue("DisallowRun", 0, RegistryValueKind.DWord);
    }
}

Points of interest

You may be interested in the visual effects of this application like extracting the icons of the listed applications. Well, this is done using:

private void load_image_list()
{
    imglst_SmallIcons.Images.Clear();
    imglst_LargIcons.Images.Clear();

    string[] strValueNames = keyRestrictRun.GetValueNames();
    string tmp = String.Empty;

    foreach (string s in keyRestrictRun.GetValueNames())
    {
        try
        {
            ExtractIconEx(s, 0, largeIcon, smallIcon, 1);
            imglst_SmallIcons.Images.Add(Icon.FromHandle(smallIcon[0]));
            imglst_LargIcons.Images.Add(Icon.FromHandle(largeIcon[0]));
        }
        catch (Exception)
        {
            ExtractIconEx("shell32.dll", 0, largeIcon, smallIcon, 3);
            imglst_SmallIcons.Images.Add(Icon.FromHandle(smallIcon[2]));
            imglst_LargIcons.Images.Add(Icon.FromHandle(largeIcon[2]));
        }
    }
}

And, as for the moving buttons, you can simply add an image to your solution that has the larger size of both states, and simply change the PictureBoxSizeMode property for your control.

private void btnAdd_MouseEnter(object sender, EventArgs e)
{
    btnAdd.SizeMode = PictureBoxSizeMode.StretchImage;
}

private void btnAdd_MouseLeave(object sender, EventArgs e)
{
    btnAdd.SizeMode = PictureBoxSizeMode.CenterImage;
}

Another interesting workaround is that you can simply rename an executable file with the name of one of those listed in the keys! Can you believe that this trick can be that stupid after all!

A suggested remedy (just in case!)

Just in case your Windows gets screwed, and as the effects are only applied to the current user, you can always create a new user account and save those files stored in the screwed account, unless of course you are activating the NTFS on that account!

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Muammar©
Retired QSoft
Yemen Yemen
Biography?! I'm not dead yet!
www.QSoftOnline.com

Comments and Discussions

 
GeneralUnderstand now why you put disclaimer Pinmembersanong28-Apr-09 22:45 
Your program just screwwed my Windows, Ijust open it and now I cannot run any program and cannot fixed.
 
Thank you for trouble.
GeneralRe: Understand now why you put disclaimer PinmemberMuammar©29-Apr-09 7:14 
GeneralSource/Binary Corrupt Pinmemberhardsoft23-Apr-09 10:22 
AnswerNo they are not! PinmemberMuammar©24-Apr-09 1:19 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web03 | 2.8.140905.1 | Last Updated 23 Apr 2009
Article Copyright 2009 by Muammar©
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid